Backport of Fix policy lookup to allow for slashes into release/1.16.x (#18372)
* backport of commit 1a9cded960965d615a3a2146a4fef656839b1e34 * backport of commit cfec746d8b2d0b47b4aa66c951defa135f8791de * backport of commit 8a9db4cffc557641f9209770c6134086f25322af * backport of commit ac13bf16d6b5f853c26003cf088ff03988d8e235 --------- Co-authored-by: Jeremy Jacobson <jeremy.jacobson@hashicorp.com>
This commit is contained in:
parent
d1a52f31a2
commit
44ef42b4c2
|
@ -6,6 +6,7 @@ package agent
|
|||
import (
|
||||
"fmt"
|
||||
"net/http"
|
||||
"net/url"
|
||||
"strings"
|
||||
|
||||
"github.com/hashicorp/consul/acl"
|
||||
|
@ -145,6 +146,12 @@ func (s *HTTPHandlers) ACLPolicyCRUD(resp http.ResponseWriter, req *http.Request
|
|||
}
|
||||
|
||||
func (s *HTTPHandlers) ACLPolicyRead(resp http.ResponseWriter, req *http.Request, policyID, policyName string) (interface{}, error) {
|
||||
// policy name needs to be unescaped in case there were `/` characters
|
||||
policyName, err := url.QueryUnescape(policyName)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
|
||||
args := structs.ACLPolicyGetRequest{
|
||||
Datacenter: s.agent.config.Datacenter,
|
||||
PolicyID: policyID,
|
||||
|
|
|
@ -45,9 +45,17 @@ func GetTokenAccessorIDFromPartial(client *api.Client, partialAccessorID string)
|
|||
}
|
||||
|
||||
func GetPolicyIDFromPartial(client *api.Client, partialID string) (string, error) {
|
||||
if partialID == "global-management" {
|
||||
return structs.ACLPolicyGlobalManagementID, nil
|
||||
// try the builtin policies (by name) first
|
||||
for _, policy := range structs.ACLBuiltinPolicies {
|
||||
if partialID == policy.Name {
|
||||
return policy.ID, nil
|
||||
}
|
||||
}
|
||||
|
||||
if policy, ok := structs.ACLBuiltinPolicies[partialID]; ok {
|
||||
return policy.ID, nil
|
||||
}
|
||||
|
||||
// The full UUID string was given
|
||||
if len(partialID) == 36 {
|
||||
return partialID, nil
|
||||
|
|
|
@ -0,0 +1,83 @@
|
|||
// Copyright (c) HashiCorp, Inc.
|
||||
// SPDX-License-Identifier: MPL-2.0
|
||||
|
||||
package acl
|
||||
|
||||
import (
|
||||
"fmt"
|
||||
"io"
|
||||
"testing"
|
||||
|
||||
"github.com/hashicorp/consul/agent"
|
||||
"github.com/hashicorp/consul/agent/structs"
|
||||
"github.com/hashicorp/consul/testrpc"
|
||||
"github.com/stretchr/testify/require"
|
||||
)
|
||||
|
||||
func Test_GetPolicyIDByName_Builtins(t *testing.T) {
|
||||
t.Parallel()
|
||||
|
||||
a := agent.StartTestAgent(t,
|
||||
agent.TestAgent{
|
||||
LogOutput: io.Discard,
|
||||
HCL: `
|
||||
primary_datacenter = "dc1"
|
||||
acl {
|
||||
enabled = true
|
||||
tokens {
|
||||
initial_management = "root"
|
||||
}
|
||||
}
|
||||
`,
|
||||
},
|
||||
)
|
||||
|
||||
defer a.Shutdown()
|
||||
testrpc.WaitForTestAgent(t, a.RPC, "dc1", testrpc.WithToken("root"))
|
||||
|
||||
client := a.Client()
|
||||
client.AddHeader("X-Consul-Token", "root")
|
||||
|
||||
for _, policy := range structs.ACLBuiltinPolicies {
|
||||
name := fmt.Sprintf("%s policy", policy.Name)
|
||||
t.Run(name, func(t *testing.T) {
|
||||
id, err := GetPolicyIDByName(client, policy.Name)
|
||||
require.NoError(t, err)
|
||||
require.Equal(t, policy.ID, id)
|
||||
})
|
||||
}
|
||||
}
|
||||
|
||||
func Test_GetPolicyIDFromPartial_Builtins(t *testing.T) {
|
||||
t.Parallel()
|
||||
|
||||
a := agent.StartTestAgent(t,
|
||||
agent.TestAgent{
|
||||
LogOutput: io.Discard,
|
||||
HCL: `
|
||||
primary_datacenter = "dc1"
|
||||
acl {
|
||||
enabled = true
|
||||
tokens {
|
||||
initial_management = "root"
|
||||
}
|
||||
}
|
||||
`,
|
||||
},
|
||||
)
|
||||
|
||||
defer a.Shutdown()
|
||||
testrpc.WaitForTestAgent(t, a.RPC, "dc1", testrpc.WithToken("root"))
|
||||
|
||||
client := a.Client()
|
||||
client.AddHeader("X-Consul-Token", "root")
|
||||
|
||||
for _, policy := range structs.ACLBuiltinPolicies {
|
||||
name := fmt.Sprintf("%s policy", policy.Name)
|
||||
t.Run(name, func(t *testing.T) {
|
||||
id, err := GetPolicyIDFromPartial(client, policy.Name)
|
||||
require.NoError(t, err)
|
||||
require.Equal(t, policy.ID, id)
|
||||
})
|
||||
}
|
||||
}
|
Loading…
Reference in New Issue